IP Reputation App - Project HoneyPot website is under maintenance

BenTan
Path Finder

Hi,

Currently we are trying to deploy the IP Reputation App to monitor IP threatscores going through our Bluecoat proxy servers. However, all the threatscores returned are 0, and I tried to check projecthoneypot.org and it has been under maintenance for more than 5 days now.

If the projecthoneypot server is down, does it mean this app will stop working?

Any help will be appreciated!

Regards,
Benjamin

0 Karma
1 Solution

mmaier_splunk
Splunk Employee

Hi Benjamin,

Thanks for reaching out and asking. It seems they are in maintenance mode, however unusually for so long.

The Splunk App here is using DNS queries to their DNS blacklist via: dnsbl.httpbl.org

I tried an nslookup of a test IP which I documented in scorelookup.py, and it tells me that the destination server is not reachable.

So let's wait some more time and see if the projecthoneypot service comes back - otherwise we need to remove the IP Reputation app.

There are many out-of-the-box threat intelligence lists (including STIX/OpenIOC support) in Splunk's Enterprise Security product (licensed). You can also utilise apps from Kaspersky Threat Intelligence, Symantec, PhishMe, DomainTools etc.

However, there is nothing I can change currently.

Br

0 Karma
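The DNS blacklist lookup described in the answer above, as an added example (not the app's own scorelookup.py). It separates "IP not listed" from "service unreachable", so an outage is not reported as a threatscore of 0. The access key is a constructed placeholder, the function names are hypothetical, and the answer layout `127.<days>.<score>.<type>` is the http:BL response format.

```python
import ipaddress
import socket

ZONE = "dnsbl.httpbl.org"  # zone named in the answer above
TYPE_FLAGS = {1: "suspicious", 2: "harvester", 4: "comment_spammer"}

def query_name(access_key, ip):
    """Build <key>.<reversed IPv4 octets>.dnsbl.httpbl.org."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join([access_key, *reversed(octets), ZONE])

def parse_answer(answer):
    """Decode an http:BL A record of the form 127.<days>.<score>.<type>."""
    first, days, score, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError(f"not an http:BL answer: {answer}")
    if vtype == 0:  # search engine: third octet is an engine id, not a score
        return {"status": "listed", "types": ["search_engine"],
                "threatscore": None, "engine_id": score}
    types = [name for bit, name in TYPE_FLAGS.items() if vtype & bit]
    return {"status": "listed", "types": types,
            "threatscore": score, "days": days}

def lookup(access_key, ip, resolve=socket.gethostbyname):
    """Return a verdict that keeps 'not listed' apart from 'lookup failed'."""
    name = query_name(access_key, ip)  # invalid IPs raise here, before any DNS
    try:
        return parse_answer(resolve(name))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:  # NXDOMAIN: the IP is not listed
            return {"status": "not_listed", "threatscore": 0}
        # timeout / server failure: the score is unknown, so do not report 0
        return {"status": "lookup_failed", "threatscore": None,
                "error": str(exc)}
    except ValueError as exc:  # e.g. a resolver rewriting NXDOMAIN answers
        return {"status": "lookup_failed", "threatscore": None,
                "error": str(exc)}

if __name__ == "__main__":
    # Constructed key and documentation-range address; needs network access.
    print(lookup("abcdefghijkl", "192.0.2.10"))
```

Indexing the `status` field alongside the score lets a search tell a clean proxy log apart from a period when the blacklist could not be reached.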

mmaier_splunk
Splunk Employee

Update:
Their website is back and everything is working.

mmaier_splunk
Splunk Employee

Hello,
Quick update to this:

Seems the website is still under maintenance. I was looking to put the IP Reputation app offline. However, I tried the service and it gives me the right responses through the DNS blacklist interface if you do nslookups. So the IP lookups are working - just not sure what quality it is currently.

You can follow their upgrade and maintenance updates on the Twitter feed of projecthoneypot:
https://twitter.com/projecthoneypot

best

0 Karma

BenTan
Path Finder

Hi,

Thanks for your suggestion! I ended up using the Optiv Threat Intelligence App. Although I'm still in the middle of configuration and troubleshooting for the app, it's a good start!

Once again, thank you. 🙂

Regards,
Benjamin

0 Karma